While we learned of the SolarWinds hack on December 13th, the first disclosure of its consequences was made on December 8th by leading cybersecurity firm FireEye, which revealed that it was hacked by a nation-state hacking group.
As part of the attack, the hackers gained access to the SolarWinds Orion build system and injected the Sunburst backdoor into a legitimate DLL used by the SolarWinds Orion IT management software. This DLL was later automatically distributed to SolarWinds customers in a supply chain attack.
Even though the timeline of the SolarWinds attack starts in September 2019, the date when the earliest suspicious activity was found on SolarWinds' internal network, the identity of the hacking group behind this supply-chain attack is still unknown.
However, Kaspersky was the first to make a connection between the SolarWinds hackers and a previously known cyber-espionage group after finding that the Sunburst backdoor has feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group.
"The identified connection does not give away who was behind the SolarWinds attack, however, it provides more insights that can help researchers move forward in this investigation," Costin Raiu, director of Kaspersky's Global Research and Analysis Team (GReAT), said.
From the popular series "Snake Oil Lowers Security", today: FireEye.
They were recently hacked. And what did the attackers take out of there?
Investigations found, attackers targeted and accessed certain Red Team assessment tools that were used to test their customers' 'security'. - Their attack tools!
Hey, just like the CIA back then! And the NSA!
Well, that's not exactly the kind of message you send to your customers, so they made a nice shit sandwich. The introduction is: FireEye is on the front lines defending companies and critical infrastructure globally from cyber threats. And in the end this is it: Every day, we innovate and adapt to protect our customers.
In case you don't know the concept: This is a "life hack" when you have bad news but consider your counterpart to be an irascible idiot, either with the self-control of a defiant toddler or with the rationality of a dementia patient in a nursing home.
That FireEye pulls this tactic with their customers is a pretty clear statement of what FireEye thinks of their customers. Cheers...
More than a dozen Army officials have been fired or suspended as part of a sweeping investigation into the climate and culture at Fort Hood, a major military base in Texas that has been rocked by complaints of sexual harassment, bullying and violence, Army officials announced on Tuesday.
I'm fine with science being democratized and everyone being educated so that it can be integrated appropriately into public policy. That isn't to say that everyone has the ability to do every kind of science, nor that you should reject science when it doesn't match your bias.
In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist. We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together.
Everyone, and I mean everyone, whom I have ever seen use this citation always stops there and ignores what comes immediately after the last word above. And it is an even more dire warning than that of the MIC. It warns us of what we are presently in the end game of now. I've posted it several times over the years here. Always greeted with crickets. Probably no different now, either.
Akin to, and largely responsible for the sweeping changes in our industrial-military posture, has been the technological revolution during recent decades.
In this revolution, research has become central; it also becomes more formalized, complex, and costly. A steadily increasing share is conducted for, by, or at the direction of, the Federal government.
Today, the solitary inventor, tinkering in his shop, has been overshadowed by task forces of scientists in laboratories and testing fields. In the same fashion, the free university, historically the fountainhead of free ideas and scientific discovery, has experienced a revolution in the conduct of research. Partly because of the huge costs involved, a government contract becomes virtually a substitute for intellectual curiosity. For every old blackboard there are now hundreds of new electronic computers.
The prospect of domination of the nation's scholars by Federal employment, project allocations, and the power of money is ever present and is gravely to be regarded.
Yet, in holding scientific research and discovery in respect, as we should, we must also be alert to the equal and opposite danger that public policy could itself become the captive of a scientific-technological elite.